[ale] still trying to figure it out
Geoffrey
esoteric at 3times25.net
Sat Aug 2 22:31:57 EDT 2003
David S. Jackson wrote:
> On Sat, Aug 02, 2003 at 08:22:48AM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
>
>>I did track the dns converstation via tcpdump. In the case where I try
>>to reach the site from the firewall, you see the dns request go out and
>>the answer come back. In the case of the request from the nat'd
>>machine, you see the dns request go out, and the 'no name response
>>return.
>
>
> Doesn't this sound like the reply is getting filtered at your
> firewall box? The packet isn't accepted or rejected, it's just
> denied or dropped, leaving the client in limbo.
I don't think the packet is getting dropped, since in both cases I see a
response from the dns server, it's just in one case it's successful, the
other 'no name' error. It's like the packet containing the name is
getting corrupted or something. Just enough so that it still get's handled.
>
> You're so patient at reexplaining this stuff for me, I really
> appreciate it. Sorry I didn't get it straight the first time. :-)
Ha, I don't know if it's you or me. I don't always explain things all
that well. :)
>
>
>>It doesn't appear anything get's dropped, just different
>>answers. Weird... Further, this is the only site I have this problem with.
>
>
> This sounds like an honest-to-God scratch-your-head problem. I
> like it! :-)
I do to, except it's my mother-in-laws benefits site, and she's saying
it's a Linux problem. Which suggests one thing I've not done. I've not
tried to get to that site from a windows box behind my firewall. Well
gotta go.... :)
--
Until later: Geoffrey esoteric at 3times25.net
The latest, most widespread virus? Microsoft end user agreement.
Think about it...
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list